On Tue, 2004-04-06 at 17:42, Douglas Maxwell wrote:
> On Sun, Apr 04, 2004 at 11:12:33PM +0300, Eddy Petrisor wrote:
> > I made it with firewall builder, as I found it more suitable for myself
> > as a beginner. Everything works ok for the users behind the firewall
> > (private class addresses) but from the server I can't access the
> > internet, nor the internal network...
> >
> The rule you want would have your firewall object in the source
> column, "Any" in the destination column, and "Any" or whatever
> services you want to allow out from your server/firewall in the
> service column, with Action set to "Accept", of course.

I had a hunch it was that and already done that...

> If you want
> to browse the 'net from the firewall itself, make sure to allow DNS
> queries out from that box (there is a predefined group for that in
> fwbuilder).
>

What version of fwbuilder do you use? I have 1.0.0-2, and I can't find
any DNS .... no, wait! dns tcp, right?
what if I leave firewall:source dest:any port:any accept, and the next,
src:any dest:fw port:any deny?
my fw is not a DNS, just a gateway..

>
> Using the firewall object itself in the source column with "Any" in
> the destination column will allow traffic originating on your
> firewall to go anywhere, internal or out to the Internet. If you
> wanted to restrict traffic based on interface, you would have to use
> the interface object in the source column.
>

again, what version? I can't find any interface object, but hosts (I got
the idea, but they could have made it clearer, luckily they got the idea
right by now, as I see on their site and your statement...)

> BTW, connections originating from the firewall traverse iptable's
> OUTPUT chain.
>

I see there are differences again, but I got the point. (for me
firewall -> interfaces tab -> policy attached to interface..)

> HTH,
>
> Doug
>

Thanks,
Eddy
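
The rule pair discussed in this thread (firewall as source to any: accept, followed by any to firewall: deny), written out as plain iptables commands. This is an added example, not part of the original messages and not fwbuilder's generated output; the function name and the proto/port argument format are assumptions. It shows why the deny rule needs a state match ahead of it: replies to connections the firewall opens through OUTPUT come back through INPUT.

```shell
#!/bin/sh
# Added example, not from the thread: prints (does not apply) iptables
# commands for traffic to and from the firewall host itself.
# Usage: gen_fw_local_rules [proto/port ...]   e.g. udp/53 tcp/53 tcp/80
# With no arguments, any new outbound connection is accepted ("Any" service).
# The proto/port argument format is an assumption of this example.
gen_fw_local_rules() {
    # Validate every argument before printing anything.
    for svc in "$@"; do
        case ${svc%%/*} in
            tcp|udp) ;;
            *) echo "bad protocol: $svc" >&2; return 1 ;;
        esac
        port=${svc#*/}
        case $port in
            ''|0*|*[!0-9]*) echo "bad port: $svc" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] 2>/dev/null || { echo "bad port: $svc" >&2; return 1; }
    done

    # Loopback traffic stays on the box.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Packets belonging to connections already accepted, in both directions.
    # Without the INPUT line, the final INPUT drop would discard the replies
    # to the firewall's own outbound connections.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    if [ "$#" -eq 0 ]; then
        # firewall -> any, any service: accept
        echo "iptables -A OUTPUT -m state --state NEW -j ACCEPT"
    else
        # firewall -> any, listed services only; everything else is dropped
        for svc in "$@"; do
            echo "iptables -A OUTPUT -p ${svc%%/*} --dport ${svc#*/} -m state --state NEW -j ACCEPT"
        done
        echo "iptables -A OUTPUT -j DROP"
    fi

    # any -> firewall: deny. This also blocks new inbound management
    # connections (e.g. SSH) unless an accept rule is placed before it.
    echo "iptables -A INPUT -j DROP"
}

# DNS lookups as a client (UDP and TCP port 53) plus web browsing.
gen_fw_local_rules udp/53 tcp/53 tcp/80 tcp/443
```

Only INPUT and OUTPUT are touched; traffic from the hosts behind the firewall is handled by the FORWARD chain and is not affected by these rules.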